Sven Strickroth wrote:
> Am 10.08.2007 19:00 schrieb Roberto Ullfig:> >> On 2007-08-10 12:42, Roberto Ullfig wrote:>> Actually, what we see is that nearly all viruses of the form:>>>> Email.Phishing.RB-12...>>>> stopped being detected on Aug 9 15:31 on all 12 of our servers. On one server I see only one of>> these being detected this morning. We usually get several a minute. So, what could be the cause>> of the absence of this virus all of a sudden?>> >> The bad guys changed the mail-layout and we had to create new signatures.>> And yes: We remove Email.Phishing.RB-* from time to time, when those> become useless to keep a clean/small/fast database.>> > ------------------------------------------------------------------------>> _______________________________________________> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net> http://lurker.clamav.net/list/clamav-users.html>

What determines a clean/small/fast database? Are these removals logged
anywhere? I now notice that all Phishing "viruses" are gone and we're
now getting Email.Ecard viruses. Was there a renaming?

Thing is, the way we work is that we run clamav first - any leftovers go
to our much more resource intensive spamassassin. Now if you remove a
whole bunch of signatures from the database, then spamassassin all of a
sudden gets a jump in processing and in some cases are servers are
overwhelmed. So, allowing clamav to start ignoring e-mail it was
previously blocking is not a nice thing to do.
--
Roberto Ullfig - rullfig@uic.edu
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.nethttp://lurker.clamav.net/list/clamav-users.html